Nginx Proxy Manager

v1.0.0

Manage Nginx Proxy Manager (NPM) for reverse proxy and SSL termination to internal services like staging/prod apps. Use when creating/updating proxy hosts, r...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description align with the instructions: creating/updating proxy hosts, requesting Let's Encrypt certs, enforcing HTTPS, websocket support, and routing to upstreams. Nothing in the SKILL.md unexpectedly requests unrelated cloud providers, system-level credentials, or other services.
Instruction Scope
Runtime instructions are narrowly scoped to NPM operations (check DNS, call NPM API token endpoint, create/update proxy hosts, check certificates). They do not instruct the agent to read unrelated files, system credentials, or transmit data to third-party endpoints outside of the described workflow.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — minimal risk from installation. The skill relies on normal tooling (curl) but does not force any downloads or archive extraction.
Credentials
SKILL.md recommends environment variables (NPM_BASE_URL, NPM_IDENTITY, NPM_SECRET) and shows an example curl token request, but the registry metadata lists no required env vars. This is a minor metadata mismatch (recommended vs declared). The requested variables themselves are proportional and expected for authenticating to NPM; do not provide them in-line — use secure agent secret storage as advised.
Persistence & Privilege
The skill does not request permanent 'always' presence and has default autonomous invocation settings. It does not ask to modify other skills or system-wide config. Normal agent autonomy applies and is appropriate for this task.
Assessment
This skill appears to do what it says: manage Nginx Proxy Manager via its API. Before using it, keep these simple precautions: (1) don't paste NPM_IDENTITY/NPM_SECRET into chat — store them in your agent's secret store or an external vault and only grant the skill access to those secrets when needed; (2) verify the agent will limit changes to the intended environment (use staging first and snapshot/export NPM config before touching production); (3) note the small metadata mismatch: SKILL.md recommends env vars that the registry didn't mark as required — treat them as sensitive and configure them securely; (4) if you need tighter control, require explicit human approval before the skill makes changes to production domains.

Like a lobster shell, security has layers — review code before you run it.
